Central Monitoring - Sending Consent Forms to a Coordinating Centre

We are increasingly being asked to send copies of consent forms to coordinating centres for central monitoring purposes. Does any one have any advice on whether this is acceptable? In some instances the REC application doesn't mention that this will be happening and neither does the monitoring plan.
Is it sufficient that the consent form says something along the lines of 'data collected during the study may be looked at by individuals from the research team, from regulatory authorities or from the NHS Trust, where it is relevant to my taking part in this research' or should the PIS specifically say that consent forms will be faxed to the coordinating centre?
Appreciate any advice - thank you

With regard to the sponsor organisations having copies of subject consent forms there is a division of opinion.
The MHRA in their GCP Guide (2012) have said that this is acceptable in special circumstances:- “When using central monitoring,... For example, when collecting signed consent forms, laboratory results with subject identifiers or collecting contact details for follow-up telephone calls/questionnaires, a formal system should be in place that complies with the Data Protection Act 1998 to ensure access to the confidential information is restricted and that the subjects of the clinical trial are aware that a sponsor or third party may have access to their data. This may be explicitly detailed in the subject information sheet or consent form approved by the... (REC)" MHRA GCP Guide (2012) Chapter 7; 7.5.3.2 & Fig 7.2 (& 7.6). You will notice that the MHRA do require that the REC application has this on it. You state that the REC application and monitoring plan does not have this process on it.

In contrast EMA Volume 10 Chapter 5, 3.2.12 (& ICH E6 8.3.12) states that signed informed consent forms are only located at the investigator site, not the sponsor organisation. Elsewhere in the MHRA Guide it states that (10.2.1):- "it is essential to segregate those documents that are generated or held by the sponsor ... from those of the investigator, as some documentation held by the investigator should not be provided to the sponsor. .. For example, the sponsor must2,3not have documents such as consent forms and subject identification lists..” .. “ under certain circumstances subjects can specifically consent to this information being sent outside the investigator site, for example if required by the protocol or central monitoring procedures.”
Elsewhere in the GCP guide it also states that diaries must5,6 be checked to remove personal identifiers before they are supplied to sponsors (8.2.7) and it quotes 2 UK regulations.
The MHRA has previously been very sensitive about confidentiality; “... release of patient sensitive information outside of the research team is considered a critical issue” (06Jul2007). In fact the MHRA has often presented in their frequent inspection findings list, the finding of "subject details sent outside investor site". These frequent inspection findings may change in light of the MHRA GCP Guide proposal where it will only be a finding if details are sent to a sponsor organisation without explicit consent of the subject, data protection processes in place and REC application information.

We do not know what other EU Inspectorates think of this MHRA proposal and what sponsor organisations should do if they are claiming compliance with ICH E6 or EMA Vol 10? To be cautious, it may be wise to follow the international guidance of ICH E6 and EU guidance of Volume 10.

The MHRA consider it acceptable to send consent forms for central monitoring providing that it is clear that identifiable data will be sent to a coordinating centre in the information sheet and consent form which is signed up to by the subject. In addition, as stated above, this must be clearly outlined in the REC application.

The big question is why are copies of consent forms being sent to a coordinating centre?
What is the coordinating centre doing with all this Personally Identifiable Information (PII)? How is the information used? If it is only used for project management logistics, is this a suitable use of sensitive personal information and all the attendant risks involved?
Should alternatives be considered? For instance faxing or E-Mailing a recruitment/enrolment form that details that subject 12345 gave consent on date, time and whether they then qualified to be enrolled after subsequent screening, etc. This way no PII is transmitted, but project management information is available to the coordinating centre. In fact eCRFs or IVRS or IWRS are good systems to use to collect data on subjects status.
Faxing documents that contain Personally Identifiable Information (PII) is a risky process. The fax may go to a wrong number and also not all fax machines are password protected such that only the authorised recipient has access to the output. If using fax technology it is always advisable to get verification of the safe receipt by the authorised recipient of all faxes.

How are the faxes stored? Handling PII always includes the risk that there may be a violation of subject confidentiality. Suitable measures must be taken to ensure that PII is securely and confidentially maintained. How will they be archived in the long term or will these copies be confidentially destroyed? Long term storage of PII also includes long term risks that confidentiality could be violated at a later date.
As copies are faxed it must be true that the originals are safely stored by the PI at the investigator site.

The big question is why are copies of consent forms being sent to a coordinating centre?
What is the coordinating centre doing with all this Personally Identifiable Information (PII)? How is the information used? If it is only used for project management logistics, is this a suitable use of sensitive personal information and all the attendant risks involved?
Should alternatives be considered? For instance faxing or E-Mailing a recruitment/enrolment form that details that subject 12345 gave consent on date, time and whether they then qualified to be enrolled after subsequent screening, etc. This way no PII is transmitted, but project management information is available to the coordinating centre. In fact eCRFs or IVRS or IWRS are good systems to use to collect data on subjects status.
Faxing documents that contain Personally Identifiable Information (PII) is a risky process. The fax may go to a wrong number and also not all fax machines are password protected such that only the authorised recipient has access to the output. If using fax technology it is always advisable to get verification of the safe receipt by the authorised recipient of all faxes.

How are the faxes stored? Handling PII always includes the risk that there may be a violation of subject confidentiality. Suitable measures must be taken to ensure that PII is securely and confidentially maintained. How will they be archived in the long term or will these copies be confidentially destroyed? Long term storage of PII also includes long term risks that confidentiality could be violated at a later date.
As copies are faxed it must be true that the originals are safely stored by the PI at the investigator site.

I work on studies that involve central monitoring of consent, adhering to the points listed by MHRA above. I think this is becoming increasingly common in risk adapted monitoring where such frequent visits to sites are not necessary. Also, in non-commercial studies the resources to monitor at site frequently do not exist. However, consent is so important that it is valid to monitor this in additional ways. By receiving a copy in a central office the consent form can be checked for things like ensuring patient has completed details themselves, form is on headed paper, correct version is used, consent has been taken by a delegated person. This needs a copy of the form to verify rather than an enrolment form etc. This allows check on the important point of consent to be done in a timely manner and problems picked up quickly which is not possible with less frequent site monitoring.

I agree that there is a risk with sending identifiable information and there must be proper processes and checks in place for this around all the points you raise. I have no doubt that this will be something the MHRA will look at when they are inspecting. However, I think on balance the importance of checking consent is valid justifies the risk in the transmission of identifiable information, so long as these are managed and documented processes. I think it goes beyond "project management logistics".

To the original poster, I agree that checking the protocol, REC opinion, consent etc all specifically address this point. I would not accept the generic "sponsor etc etc will see personal information" type thing to cover this. I think you are right to be cautious, but that does not mean it cannot be done. And as said above I would always recommend checking safe receipt of the fax/email and keep a copy of the fax confirmation sheet or email so that you have an audit trail of where/when you sent it.

I'm still not sure I understand the worth of such a risky process.
Many GCP auditors and inspectors feel that reviewing wet ink signature consent forms has a lot of meaning and aids them in their job. None of them think that faxed copies, supplied by the investigator, provide anywhere near the same decree of worth. A faxed copy is much more open to obfuscation, particularly when supplied by the very people who may be responsible for its probity. If the rationale, for sending vast amounts of PII (Personally Identifiable Information) away from the investigator site, is to better assure the rights of the subject, then it may not be fulfilling this objective, if the faxed copies are not necessarily very reliable and there may be a greater risk to the subject's right of privacy and confidentiality.

The MHRA has been providing guidance on risk based and proportionate alternatives to expensive on-site monitoring for low risk studies. In their GCP Guide (2012) they propose that other investigator sites could monitor each other. Hence research teams could validate each other's research work. Similarly, if the risk assessment allowed, a proportion of the wet ink signed & dated consent forms, could be reviewed by a person who was independent of the research team, but resident at the same institution. This would then validate the veracity of the recruitment/enrolment form process and hence provide some assurance as to the veracity of consent. This independent element would make deception by the research team much more difficult (certainly more difficult than them scanning the forms which they provide). Such review processes would be cheap in the extreme and may even be virtually free if alternative research teams build reciprocal monitoring and/or consent form review into their resources.

Other alternatives such as electronic consent (with PII only held by the PI site) is one area that is being looked into.

The risks of sending around consent forms with PII are so high, that there needs to be a water-tight rationale for this process and no viable alternates available. As there are alternates, it may be wise to ask if such risks are warranted given that the worth of the process may be viewed as low by many .

Assuming the requirements detailed above in the previous MHRA post in relation to informed consent and REC approval are met, the MHRA has no objection to such central monitoring practice. Please note however that this would not affect the review of original consent forms during GCP inspections by the MHRA. Original consents would be reviewed at the investigator site as part of the investigator site inspection.

I have a similar doubt about sending signed consent forms by email. My case-scenario would be:

Hospital "X" is conducting a clinical trial involving surgery. The surgeries, though, are performed at Hospital "Y". During the surgeries, some samples have to be taken and sent to the Hospital "X". However, the head of the pathology department at Hospital "Y" (though he is not involved in the trial at all), before sending the samples to Hospital "X", wants to be sure that the patients consented to participate on the trial. So he requests Hospital "X" to send him by email the signed ICF.

Would this be acceptable? (In my personal opinion, it is not acceptable sending signed ICFs by email and even less to somebody different from the Sponsor or Authorities who is not listed on the Delegation of Duties Log).

Caterineta - in the situation you have outlined, the patient should be informed via the Patient Information Sheet that a copy of their signed ICF may have to be provided to the head of the pathology department and why. There should then be a statment on the ICF for the patient to confirm they explicitly consent for this to be done. In that way, the patient is informed about who gets to see their ICF and has consented to this.

Sending Consent Forms to a Coordinating

Originally Posted by MonitorH

Caterineta - in the situation you have outlined, the patient should be informed via the Patient Information Sheet that a copy of their signed ICF may have to be provided to the head of the pathology department and why.Hoa tươi hà nội There should then be a statment on the ICF for the patient to confirm they explicitly consent for this to be done. In that way, the patient is informed about who gets to see their ICF and has consented to this.

The fax may go to a wrong number and also not all fax machines are password protected such that only the authorised recipient has access to the output.